1 / 44

AFIAA ‘Framing Risks’ Fraud & AML Overview

AFIAA ‘Framing Risks’ Fraud & AML Overview. Leanne Vale Senior Manager Financial Crimes Compliance Services 31 May 2007. Introductions & Agenda. Leanne Vale Senior Manager Financial Crimes Abacus Australian Mutuals With CUIA/Abacus 4 years

lapis
Download Presentation

AFIAA ‘Framing Risks’ Fraud & AML Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AFIAA ‘Framing Risks’ Fraud & AML Overview Leanne Vale Senior Manager Financial Crimes Compliance Services 31 May 2007

  2. Introductions & Agenda • Leanne Vale • Senior Manager Financial Crimes • Abacus Australian Mutuals • With CUIA/Abacus 4 years • Formation of Abacus/CUI’s first fraud prevention role now department • 18 years experience in senior fraud prevention roles within large banks, building societies and credit unions • Former AFP, Dip Fin, CFE, & Masters Business Administration (MBA) • Abacus industry representative on ABA Fraud taskforce, B Pay & APCA fraud committees. • Formation of Abacus private/policing industry partnership with AHTCC as part of National Response Plan to tackle Cybercrime since 2004 • Industry fraud voice at table, well respected in government and LEA

  3. AFIAA Agenda • Fraud& Financial Crimes • Abacus fraud services- ‘A United Approach’ • Fraud landscape overview- Key Fraud Risks • Fraud Risk- ensuring a balanced and proactive approach • AML/CTF • AML/CTF Legislative changes • Shaping an AML/CTF Compliance program • AML/CTF Abacus ‘Evolve’

  4. Fraud –Entrenched business risk • Internet payment and victim crime • Identity Fraud- including theft and related crime • Card Fraud –instances of skimming, counterfeiting and other compromises • Cheque Fraud- intercepted mail, material • alterations, valueless cheques and theft of banking instrument • Lending Fraud- private sale, ID takeover, car, remote identification process, fraudulent invoices & complicit buyer/seller

  5. Abacus- Strategies of scale • Abacus secure Fraud channel is used exclusively by 320 fraud partnership members- Is your organisation a member? • Our collective strength enables fraud prevention efforts to be offered across 150 institutions now rather than singular focus • Members continue to enjoy demonstrated loss savings obtained through the efforts of Abacus fraud prevention • Our interbank and law enforcement relationships are based on strong, active engagement and mutual assistance with fraud such as online crime • Abacus fraud training modules are best practice and pragmatic based to enable a level playing field amongst industry members

  6. Abacus fraud team saves big $5.7M for members in 2006 Abacus Fraud team worked with members in 2006 to save 5.6M Abacus Fraud handle in excess of 100 Q & A’s and incident management requests per month from members

  7. Abacus Secure Fraud Forum…protecting members since Nov 04 Secure Fraud alerts real time 320 users Av 5500 hits per month Over 3,500 alerts posted

  8. Abacus Fraud Training products

  9. Online fraud risk landscape • Online fraud is a widespread risk with exposure loss at more than $30M+ annually • Credit union losses in the $X00,000’s • Spyware & trojans do notneed customer action, rootkits and malware are now key emerging threat • Major and regional banks have, or are on the way to, 2 factor or dual authentication regimes • Our sector is exposed to erosion of confidence in online banking as others seek to ‘market’ their fraud prevention - eg tokens & SMS • Our industry LIMITS DO NOT REFLECT RISK APPETITE! • Some CU losses are +50K in one week with some two factor options costing less than 10K • Not uncommon for multiple transactions in one day or over time on one member to mean high losses

  10. EFT Code Issues: Who wears the cost? • Liability for online ‘losses’ • Phishing/online scams: institutions wear loss • ASIC notes the issue:

  11. Types of “two factor” on offer • Mixed deployment choices amongst the small % of credit unions who have invested in two factor: • One-time password tokens • One-time passwords via SMS • Randomly generated images (eg Factor2) • Digital certificates • Smart cards • Biometrics (very limited) • Message Authentication Codes • To date, no clear industry standard or one stop supplier

  12. Example of responses: No silver bullet

  13. AHTCC key partner Abacus

  14. May 2007: CUA Phishing Example Note Phishy URL in Italy

  15. Issuing Visa Fraud trend 03-07 Source: VISA TC40 reports

  16. Card Fraud Risk Strategic Overview • Counterfeit is contained, however, PIN’s under attack • Increasing levels of CNP (Card Not Present) fraud Fraud in Asia Pacific • New threats continue to emerge with new technology • Strong (EMV) authentication strategy vital • Customer Education vital especially for o’seas ATM users to ‘provide cover’ • Eyes on the ball with card detection software • Ensure time spent on analysis rather than smile and dial

  17. Developing an enterprise wide fraud risk profile • Strongly consider business case for two factor authentication as strategic option for online fraud prevention • Integrate fraud risk assessment into strategic development (product and process design) - ensure forecasted losses are measured against revenue line • Ensure Insurance coverage reflects risk acceptance levels – events are treated as singular and not aggregated first claim basis • Consider leveraging natural synergies of resource allocation between AML and Fraud

  18. Abacus Fraud Prevention Strong consumer focus

  19. Establishing an AML/CTF Program Support tools from Abacus AML Evolve team supporting members

  20. AML/CTF – Commencement • Implementation timetable: • @ Dec 2006: Record retention, EFT information • @ December 2007: Compliance reporting (from June) • @ December 2007: AML Program developed and in place- Parts A & B • @ Dec 2007: Identification (Customer ID) • @ Dec 2008: Monitoring and suspicious matters (reporting)

  21. When must this all happen – transition milestones • December 2008 • Transaction Monitoring program • Reporting obligations suspicious matter reporting • June 2007 • Correspondent banking requirements • Records about AML/CTF programs Dec 06 June 07 Dec 07 Dec 08 2 4 1 3 • Immediate • AML/CTF Bill received Royal Assent on 12/12/06 • Electronic Funds Transfer Instructions • Register of providers of designated remittance services countermeasures • Records of Electronic Funds Transfer Instructions • Records of Electronic Transactions • December 2007 • Customer Identification processes- Know Your Customer • First AML/CTF compliance Report 13 December 2007 • AML/CTF Programs to be implemented • Record keeping requirements

  22. Snapshot of the new regime (1) • Your CU/BS is a Reporting Entity under the new law • Your CU/BS provides Designated Services under the new law • Your CU/BS must understand the particular ML/TF risks your business faces • Your CU/BS must put in place appropriate responses to those risks

  23. Snapshot of the new regime (2) • Your CU/BS must identify and verify customers in accordance with the legislation • Your CU/BS mustundertake ongoing customer due diligence – which can mean more identification and verification of the customer • Your CU/BS must monitor customer transactions • Your CU/BS must report certain transactions and suspicious matters • The CU/BS Board mustensure all of this happens

  24. Establish AML Program Management Templates; Plans; Status tracking; Change; Governance; Issuesescalation Program Management Risk assess KYC Design Procedures Capabilities KYC Mapping Develop Policies & Procedures Update Policies & Procedures Monitoring sys. Design Test Implement Build Systems KYC sys. Design Build Test Impl’t AML Manual Update Update Regulatory Regulatory Advice Assess Impacts Change Management Engage staff Training design & delivery Training updates Planning through transition- remember Abacus is walking through these milestones with you Jan 07 Jan 08 Jan 09 Jul 07

  25. Role of Senior Management • Responsible for implementation of AML/CTF program and AML/CTF policy • Responsible for reporting to the Board on the management of the organisations ML/TF risk

  26. Management issues (1) • How do we plan to implement an AML/CTF program in our organisation? • will need to demonstrate compliance with AML/CTF by implementing both Parts A & B of compliance program • All implementation must be within the milestone key compliance dates

  27. Management issues (2) • How will our organisation view and treat internal breaches of the AML/CTF legislation • How will our implementation plan will be measured for monitoring and evaluate performance? • Consider KPIs for this purpose will need to be developed and track performance • What are the operational business implications of the AML program (customer relationships, third party relationships, staff due diligence)

  28. Management issues (3) • Scoping indicative cost for program to implement and deliverables including leveraging support available from Abacus • Allocating who will be responsible for implementation, evaluation and monitoring • Part A means policy changes have to be made & decisions made on which ones • Considering Training- what type of training is needed across the organisation?

  29. Management issues (4) • What will be the expected risk profile of customers we deal with and how will we do so? • eg. if they are HIGH risk – such as monitoring EDD (Enhanced Due Diligence) • What methods and measures could we use for monitoring and evaluating compliance with the AML/CTF program? • What possible system changes could be made using existing infrastructure

  30. What is an AML/CTF Program ? • Divided into 2 components - “Part A” and “Part B” • Part A • Covers how you will identify, mitigate and manage ML/TF risk • Is the governance, policy and risk assessment part of the program • Part B • Covers how you set applicable customer identification procedures • Details acceptance of identification for low, med & high risk customers (KYC) – Know Your Customer plus when extra validation is triggered

  31. Key Dates : AML/CTF Program • Must adopt and comply with AML/CTF Program by 12 December 2007 • 15 month non-enforcement period to March 2009 if you take reasonable steps to comply

  32. Part A – How Can You Identify Risk ? • Need to be able to make an assessment and rating of : • Customer type • Product type • Channel type • Geographic elements • Must be flexible to accommodate changes in designated services

  33. Part B- Collecting Customer Identification • Need to have procedures to cover all types of identification presented ie: photographic, non-photographic & reliable/independent • Abacus Program Development Guide Part B will step you through recommended procedures for each type of identification • Abacus Draft Program Guide will deliver template policies for adoption

  34. AML Risk Identification Assessment across your business KYC Across All Business Lines HIGH MED LOW EXISTING LEGISLATION On Board CHANNELS DE, ATM, Online Face to face Banking Transactions CUSTOMER RISK PRODUCT RISK 0+ Risk scoring assessment tool Customer Risk Attributes Product Risk Attributes Access channel Risk attributes Geographic Risk attributes ONGOING MONITORING = Adjustment + flexibility Schematic : AML/CTF Program

  35. ScoreLine :Risk Scoring Model from Abacus • At the click of a button you can : • assess (score) risk • produce charts • generate reports • (extract from ScoreLine)

  36. ScoreLine shows what is driving customer risk Reporting of text and graphical information (extract from ScoreLine)

  37. ScoreLine does risk scoring and rating across Customer, Channel & Product Drill down to individuals or form an overall picture of risk (extract from ScoreLine)

  38. Use ScoreLine to show your risk profile Low Risk Med Risk High Risk Actual Risk Profile of CUBS sector based on industry risk assessment work by Deloitte in 2006

  39. Risk profile is fundamental to the AML/CTF Program (& AUSTRAC’s needs) AML Program A Mutual Ltd AML/CTF Risk Profile Reporting Training KYC Monitoring Employee DD

  40. Key Issue … AML and systems • Don’t put the cart before the horse • Risk assessment and triggers will drive monitoring and system needs, not the reverse • First need is to understand, scope and adopt AML Program including policies including transactional limits (risk mitigants) before monitoring triggers will be known (Part A) • Next will need to adopt a preferred ID method in the AML/CTF Program before monitoring will be known (Part B) • Monitoring not obligatory until Dec 2008 • Abacus is working to ensure an aggregated approach is taken with vendors on monitoring solutions

  41. AML Evolve : implementation support Systems & Monitoring Solutions Risk Scoring Model AML Evolve AML/CTF Support Package AML/CTF Reference Manual Program Development Guide Training Online Discussion Forum AML Evolve has been developed in house by Abacus in conjunction with Deloitte especially to meet the needs of the mutual ADI sector. Other consultants promoting their own services by claiming linkages to Abacus AML Evolve do so without having had any discussions with Abacus and have no authority from Abacus to make such claims.

  42. Stay tuned … • AML Update – Watch and share with board, managers and project staff monthly • Abacus mainstream work is continuing behind the scenes • Consultation and feedback through groups and online forum paramount

  43. Need more information ? • Abacus Compliance Services • (02) 8299 9227 • complianceinfo@abacus.org.au • amlevolve@abacus.org.au • Interact.cu.net.au • AUSTRAC – www.austrac.gov.au

  44. THANKYOU! • Leanne Vale • Senior Manager Financial Crimes • Compliance Services • Abacus Australian Mutuals • 02 8299 9054 • lvale@abacus.org.au

More Related